[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Using SSL and TLS

Hello Matt,

You can enable the ldap debug mechanism and then you will get a file with more info on the problem, it is done like this : 

int    iDebugLevel = 127;
FILE   *LdapLogFile;

LdapLogFile = fopen("ldap.log", "a+");



This might help you, also if you want to work ssl you need a certificate for the ldap server, and you need to set the CA certificate at the client, like this:


And after that:

ldap_initialize(&pldap, "ldaps://my.server.com:636");
ldap_set_option( pldap, LDAP_OPT_PROTOCOL_VERSION, &iVer);
ldap_simple_bind_s(*hLdap, LdapUserName, LdapPassword);
This works for me. 


-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matt Harp
Sent: Thursday, February 19, 2004 9:25 PM
To: openldap-software@OpenLDAP.org
Subject: Using SSL and TLS

Hey all,

I've read numerous posts on the subject but still can't figure out what's
going on.

	OpenLDAP 2.1.25
	OpenSSL 0.9.7
	Cyrus-SASL 1.5.28
	Berkley DB 4.2

I have slapd running with TLS support, listening for SSL connections on port
636 and non-SSL on 389. I can do ldapsearch calls to -H
"ldaps://my.server.com" and it all works great. But, I can't figure out how
to connect using the libldap API calls.

I have code like this...

	LDAP *pldap = NULL;
	ldap_initialize( &pldap, "ldaps://my.server.com:636");

	int iVer = LDAP_VERSION3;
	ldap_set_option( pldap, LDAP_OPT_PROTOCOL_VERSION, &iVer);

	ldap_start_tls_s( pldap, NULL, NULL); // returns code 81, but my server is
not down.

	ldap_simple_bind_s( pldap, 0, 0); // also fails, even if I skip the
start_tls call.

If I change the ldap_initialize to pass in "ldap://my.server.com:389"; then
everything works (I don't call the start_tls of course, but simple_bind

Is this approach correct? I keep reading stuff about SSL and TLS, but can't
seem to completely grasp how they are different.

Why is the start_tls call failing with a client-side error telling me that
my server is down?

Any help would be greatly appreciated.